Merge branch 'staging' into product-purchase-provisioning

atst/app.py

@@ -193,6 +193,7 @@ def map_config(config):
         "CONTRACT_END_DATE": datetime.strptime(
             config.get("default", "CONTRACT_END_DATE"), "%Y-%m-%d"
         ).date(),
+        "SESSION_COOKIE_SECURE": config.getboolean("default", "SESSION_COOKIE_SECURE"),
     }
 
 

terraform/modules/k8s/main.tf

@@ -81,3 +81,9 @@ resource "azurerm_monitor_diagnostic_setting" "k8s_diagnostic-1" {
     }
   }
 }
+
+resource "azurerm_role_assignment" "k8s_network_contrib" {
+  scope                = var.vnet_id
+  role_definition_name = "Network Contributor"
+  principal_id         = azurerm_kubernetes_cluster.k8s.identity[0].principal_id
+}

terraform/modules/k8s/variables.tf

@@ -66,4 +66,9 @@ variable "client_secret" {
 variable "workspace_id" {
   description = "Log Analytics workspace for this resource to log to"
   type        = string
-}
+}
+
+variable "vnet_id" {
+  description = "The ID of the VNET that the AKS cluster app registration needs to provision load balancers in"
+  type        = string
+}

terraform/modules/vpc/outputs.tf

@@ -6,4 +6,8 @@ output "subnet_list" {
   value = {
     for k, id in azurerm_subnet.subnet : k => id
   }
-}
+}
+
+output "id" {
+  value = azurerm_virtual_network.vpc.id
+}

terraform/providers/dev/k8s.tf

@@ -23,6 +23,7 @@ module "k8s" {
   client_id           = data.azurerm_key_vault_secret.k8s_client_id.value
   client_secret       = data.azurerm_key_vault_secret.k8s_client_secret.value
   workspace_id        = module.logs.workspace_id
+  vnet_id             = module.vpc.id
 }
 
 #module "main_lb" {